1.0.0 [2022-04-18]
·
109 commits
to master
since this release
1.0.0
nemesifier
Federico Capoano
This tag was signed with the committer’s verified signature.
nemesifier
Federico Capoano
Version 1.0.0 [2022-04-18]
Features
- Allowed to login via API with email or phone number
- Allowed freeradius authorize with email or phone number
- Allowed the usage of subnets in
OPENWISP_RADIUS_FREERADIUS_ALLOWED_HOSTS - Made the fields containing personal data of users which are exposed
in the registration API configurable (allowed, mandatory, disabled)
via the OPENWISP_RADIUS_OPTIONAL_REGISTRATION_FIELDS setting or the
admin interface - Allow to disable registration API via the
OPENWISP_RADIUS_REGISTRATION_API_ENABLED setting or the admin
interface - Added throttling of API requests
- Added OPENWISP_RADIUS_API_BASEURL setting
- Add identity verification feature, configurable via the
OPENWISP_RADIUS_NEEDS_IDENTITY_VERIFICATION or via admin
interface - Added utilities for implementing new registration and identity
verification methods - Added captive portal mock views to ease development and
debugging - Add possibility to filter users by registration method in the admin
interface - Added SAML registration method to implement captive portal
authentication via Single Sign On (SSO) - Added management command and celery task to delete unverified
users - Added translations of user facing API responses in Italian, German,
Slovenian and Furlan - Added Convert RADIUS accounting CALLED-STATION-ID feature,
celery task and management command, with the possibility of
triggering it on accounting creation (see
OPENWISP_RADIUS_CONVERT_CALLED_STATION_ON_CREATE) - Added an equivalent of the FreeRADIUS sqlcounter feature to the
REST API - Added emission of django signal to FreeRADIUS accounting view:
radius_accounting_success - Added possibility to send email to the user an they start a new
radius accounting session - Added organization level settings and related admin interface
functionality to enable/disable SAML and social login: - Added setting to avoid updating username from SAML:
OPENWISP_RADIUS_SAML_UPDATES_PRE_EXISTING_USERNAME
Changes
Backward incompatible changes
- Updated prefixes of REST API URLs:
- API endpoints dedicated to FreeRADIUS have moved to
/api/v1/freeradius/ - the rest of the API endpoints have moved to
/api/v1/radius/
- API endpoints dedicated to FreeRADIUS have moved to
- Allowed
usernameandphone_numberin password reset API, the
endpoint now accepts the "input" parameter instead of "email" - Removed customizations for checks and password hashing because they
are unmaintained, any user needing these customizations is advised
to implement them as a third party app - Improved REST API to change password: inherited
PasswordChangeView
of openwisp-users to add support for the current-password field in
password change view
Dependencies
- Added support for Django 3.2 and 4.0
- Dropped support for Django 2.2
- Upgraded celery to 5.2.x
- Updated and tested Django REST Framework to 3.13.0
- Added support for Python 3.8, 3.9
- Removed support for Python 3.6
Other changes
- Moved AccountingView to freeradius endpoints
- Relaxed default values for the SMS token settings
- Switched to new navigation menu and new OpenWISP theme
- Allowed users to sign up to multiple organizations
- Update username when phone number is changed if username is equal to
the phone number - Update stop time and termination to
Noneifstatus_typeis
Interim-Update - Send password reset emails using HTML theme: leverage the new
openwisp-utils send_email function to send an HTML version of
the reset password email based on the configurable email HTML theme
of OpenWISP - Save the user preferred language in obtain and validate token views
- Added validation check to prevent invalid username in batch user
creation - Allowed to set the Password Reset URL setting via the admin
interface - Added soft limits to celery tasks for background operations
- Generalized the implementation of the fallback model fields which
allow overriding general settings for each organization
Bugfixes
- Fixed login template of openwisp-admin-theme
- Fixed swagger API docs collision with openwisp-users
- Ensured each user can be member of a group only once
- Radius check and reply should check for organization membership
ValidateAuthTokenView: showphone_numberasnullifNone- Freeradius API: properly handle interaction between multiple orgs:
an user trying to authorize using the authorization data of an org
for which they are not member of must be rejected - Fixed radius user group creation with multiple orgs
- Added validation of phone number uniqueness in the registration API
- Fixed issues with translatable strings:
- we don't translate log lines anymore because these won't be
shown to end users gettextdoes not work with fstrings, therefore the use of
str.format()has been restored- improved some user facing strings
- we don't translate log lines anymore because these won't be
- Fixed Accounting-On and Accounting-Of accounting requests with blank
usernames - Delete any cached radius token key on phone number change
- Fixed handling of interim-updates for closed sessions: added
handling of "Interim-Updates" for RadiusAccounting sessions that are
closed by OpenWISP when user logs into another organization - Flag user as verified in batch user creation
- Added validation which prevents the creation of duplicated
check/reply attributes